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Qualys CMDB Sync App 


Preface 


Welcome to Qualys Cloud Platform! In this guide, we'll show you how to use the Qualys CMDB 
Sync App to synchronize Qualys IT asset discovery and classification with the ServiceNow 
Configuration Management Database (CMDB) system. 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical security 
intelligence on demand and automating the full spectrum of auditing, compliance and 
protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed service 
providers and consulting organizations including Accenture, BT, Cognizant Technology 
Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, Optiv, 
SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding 
member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com 


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your questions 
will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day. 
Access support information at www.qualys.com/support/ 
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Introduction to Qualys CMDB App 


The Qualys CMDB Sync App synchronizes Qualys IT asset discovery and classification with the 
ServiceNow Configuration Management Database (CMDB) system. The App automatically 
updates the ServiceNow CMDB with any assets discovered by Qualys and with up-to-date 
information on existing assets, giving ServiceNow users full visibility of their global IT assets on 
a continuous basis. Conversely, if an asset is added to the ServiceNow CMDB, the App will add it 
to the Qualys asset inventory. For assets that exist in both asset repositories, selected metadata 
can be synchronized. 


To know about the latest versions of SNOW supported, visit the CMDB Sync listing in the 
ServcieNow Store. 


Upgrade to 1.2.0 
Version 1.2.0 onwards, we have updated choice lists for “Qualys API truncation limit” and 
“Import batch size” properties. 


Before you initiate the upgrade to 1.2.0, to get the updated choice lists, follow the steps given in 
the document: https://docs.servicenow.com/bundle/kingston-application- 
development/page/build/system-update-sets/task/t_OverwriteCustomizsDuringUpegrades.html 


Prerequisites 


Make sure you have a valid Qualys Account Subscription with API Access. 


Visit the ServiceNow Store, search for this app, and click Contact Seller. Your TAM will be in 
touch regarding pricing, and then ServiceNow will provision the app into an instance of your 
choice. After that, the app will start appearing in the “Downloads” list in your instance. Then 
you need to click the “Install” button there to start using the app. After you are done, you will 
have a new module in your ServiceNow instance that looks like this: 


nu Service Management Al 
( F } + || System Administration v $08 © 
MEM - Make your life easier, create a dashboard! 
Self-Service 
Did you know you can create a dashboard version of this homepage? Dashboards are like homepages, but easier to use. Dashboards have a drag-and-drop canvas that lets you 
Benchmarks easily add, move, and resize widgets. You can also add multiple tabs. Flexible sharing lets any user view and collaborate on dashboards with you! 
Certification Self-Test Tool Don't ask me again Remind me later Create dashboard version 


Detection List Import Item Run 
System Administration 


Guided Setup 
Guided Setup : System Security Business Logic 
& Guided Setup tools to help you set & Configure and monitor instance Manage workflow and behavior of 
ee] up ServiceNow security settings applications 
Qualys CMDB Sync App *& 
» Configuration 
ole Create and Deploy TTT] Data Management | 7 Diagnostics 
oe =e Create, modify and deploy magm 2282 the way datas stored and [N Performance, development and 
applications to your instances displayed : debugging tools 
(+) daa — 
» Advanced 
» Reports a Email go Homepages u e Integration 
Customize behavior of inbound and Configure hor n h 
= outbound email 
» Support outbound emai A K 
Qualys Vulnerability Integration 
e 
7 Reporting and Analytics User Administration v 
Service Desk K] Create visual representations of BU Manage users, groups and their ee, 
Incident D Y LD 
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Setup 


After installation, add API source(s). Go to Qualys CMDB Sync App > Configuration > API Sources, 
and click New. Enter required details in the form. 


JD. John Doe + 


nuw Service Management a (55) © 3% 


(F MES = eee @ 2% ooo Submit | Test Connection 
* © >k Name Active Y 
Qualys CMDB Sync App E Server  https://qualysapi.qualys.com a Created 
v Configuration >* Username Updated 
API Sources > Password Qualys to 
ServiceNow Sync 
Schedules Enable Qualys to Count(New) 
ServiceNow Sync? A 
ServiceNow to 
Enable ServiceNow Qualys Sync 
to Qualys Sync? Count(New) 
y Sync 
Count of un- 
Import Queue scanned assets 
Count of assets synced from ServiceNow to Qualys but not scanned yet. 
Approve Qualys Assets 
Export Queue Sync Date/Time Vv 
v Advanced 
Asset Tags Last 
App Scheduled Jobs Sync 
Transform Maps Submit Test Connection 
Related Links 
¥ Reports 
Test Connection 
Qualys Asset Tags by Source h 
(0) 
O 
Name is anything you would like to call it, and Username and Password are valid Qualys Cloud 
Platform credentials with API access enabled. 


TOW? service Management 


JD, John Doe + 


208 


G (= Quays anie Credentials @ E 00 Test Connection 
* © E e O 
Qualys CMDB Sync App Server — https:/qualysapi.qualys.com a Created | 2017-12-1401:11:48 5 
y Configuration Username | user_john Updated | 2017-12-2001:11:51 
API Sources Password | sesssss« Qualys to ServiceNow 
Sync Count(New) 
Schedules Enable Qualysto [v 
Senan Sick ServiceNow to Qualys 
‘Sync Count(New) 
p Enable ServiceNowto |v a i 
aes ount of un-scann 
Y Sync Qe assets 
esas Count of assets synced from ServiceNow to Qualys but not scanned yet. 
‘Approve Qualys Assets Sync Date/Time v 
Export Queue 
Asset Tags LastSync | 2017-12-1401:11:59 a 
v Advanced 
arnai 
App Scheduled Jobs e 
Related Links 
‘Transform Maps Test Connection 


1) After you fill in the required fields, click Submit to save the API source. 


2) After configuring and saving the API source, choose the connection you just built, and click 
Test Connection. Once you have a successful connection you are ready to move on to Schedules. 
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Schedules 


You will need to setup at least 1 schedule. You may eventually want many more. 


ServiceNow user's Timezone setting 


In the schedule scripts we use ServiceNow’s new 

GlideDateTime () .getDisplayValueInternal (); function to update the schedule 
last_run_timestamp. When this object is instantiated directly and used (e.g. in scoped 
application background script), it returns time in GMT, irrespective of the timezone set for user 
under whom this script runs. That's how it is designed. Also, since Service Now does not allow 
scoped applications to set the timezone, app cannot do that on behalf of the user who created 
the schedule. BUT, the time value you see on the UI is shown in the user set timezone - even if 
you set GMT date-time in this column. When the schedule runs next time, it gets value in GMT, 
and not the one you see on UI. That may lead to confusion, and log entries show time in GMT, 
for this reason we recommend that the Service Now user set his or her time to GMT. 


Qualys to ServiceNow Scheduling 


Now Service Management JD, JohnDoe ~ Q CF © $08 
G j| | < | = New record $ =>» EN 
* © Name Run | Daily 
Qualys CMDB Sync App A Active Y Time | Hours 00 00 00 
y Configuration > API Source a Last Run Timestamp =) 
API Sources Sync Direction Qualys to Servicenow 
Schedules Conditional 
Properties [aao sentcanon sy | Meta Info 
ye Qualys Asset Tag Q 
Inport Queue Sync Ports info? 
Approve Qualys Assets Sync Software Info? 
port omone Sync Hardware info? 
v Advanced 
App Scheduled Jobs ES 
You will give this configuration a Name, choose the API Source you setup in the previous step, 


and a Qualys Asset Tag you want synced over. We do not recommend leaving this blank. Also, 
choose if you would like us to sync Ports, Software and Hardware information. The more 

detailed a scan you have done with Qualys Cloud Platform, the more detail you will have here. 
The Cloud Agent will have the most detail of an asset, while Authenticated Scans will have the 
next most detail, with Un-authenticated scans having the least. 


From version 1.2.1, the app has time restrictions on transaction run time. Although by default 
the time restriction is set to 10 minutes, you can change the time restriction to any time between 
10 and 60 minutes by configuring Max Transaction Lifetime (in minutes): on Properties page. If 
you configure the transaction time to 20 minutes, the transaction is stopped after 20 minutes. In 
such a case, next scheduled run will resume from where the earlier run was stopped. 


For initial sync from Qualys to ServiceNow, we recommend that you plan your schedules at an 
interval of every fifteen minutes. 
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ServiceNow to Qualys Scheduling 


ServiCenuw' service Management a v 
Welcome: John Doe A [Logout] [+] sal 


Y © < = Schedules @® & 
mpprove wuarys Assets 
Export Queue 
Y Advanced Name Run Daily Y 
App Scheduled Jobs Active [Y Time | Hours |00 00 00 
Transform Maps 
Y Reports API Source POD4 Q © Last Run Timestamp 3 
Qualys Asset Tags by Source 
Asset Tags Distribution Sync Direction Servicenow to Qualys d 
OS Distribution 
Assets awaiting approval Conditional 
Y Support 
README Servicenow to Qualys Sync | Meta Info 
Application Log 
Qualys Vulnerability Integration Tracking | IP v 
method 
Service Desk 
Only NETWORK_RANGE tags are available. 
Incident 
P 
Problem Qualys Asset Tag Q 
Change Please select Qualys Asset Tag or Qualys Asset Group. 
Configuration 


Cl Class Manager i Sip q 


CMDB Groups 
CMDB Query Builder 
Health Preference 
CMDB Remediations 
CMDB Reports 


Enable VM? |v 


This needs to be enabled else synced assets wont be scanned by Qualys. 


Business Services Enable PC? 
Applications P z z 
Tick this if you want the assets to be scanned for Policy Compliance. 
y CMDB Dashboard 
CMDB View Table | Computer [cmdb_ci_computer] v 
Service View 
Group View 


Query | Add Filter Condition || Add "OR" Clause 
Y Application Servers 


All — choose field -- v || —oper— — value — 
Tomcat F. 


Itis mandatory for you to either choose a Qualys Asset Tag or Qualys Asset Group. The “Qualys 
Asset Tag” or “Qualys Asset Group” box will assign that tag in Qualys Cloud Platform to any 
assets synced from ServiceNow. 


Note - The Asset Tags and Asset Groups that belong to only Network_range type are populated. 
All other asset tags and asset groups are ignored. 


We also highly recommend you add filter conditions (at minimum IP Address) to assets to be 
synced. When you select a TABLE ensure that the table has a column with “ip_address” name, 
else the Servicenow > Qualys sync may not function. Finally you must enable VM (Vulnerability 
Management) to be able to scan the assets you sync. It is optional to enable PC (Policy 
Compliance). 


What’s New 


From version 1.2.1, a new option allows you to choose a tracking method when syncing from 
ServiceNow to Qualys. Choose IP, DNS, or NETBIOS tracking method. 
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Properties 


Y O Qualys Assets Sync Properties 
Self-Service ES , . , F 

Qualys Import API call truncation limit - This property defines how many host assets to include in a single 
Benchmarks response. 


100 v| 
Detection List Import Item Run 


Assets awaiting approval 
Y Support 


Guided Setup Size of Import batch - This property defines the batch size for import queue. Import queue processor will pick 
up only these many records from queue which are marked as QUEUED 
Qualys CMDB Sync App E = 
Y Configuration 
APIS Size of Export batch - This property defines the batch size for export queue. Export queue processor will pick 
_—- up only these many records from queue at a time 
Ww Schedules mo = 
W Properties ! n: 
Y Sync Allow Asset Group Sync ? - This property defines the permission to fetch asset groups. Application will pull 
Import Queue 4| asset groups for all added API sources only if this field is checked. If not, asset groups will not be pulled from 
p 
Approve Qualys Assets Qualys Server. 
Export Queue y Yes | No 
Y Advanced A al o i r PEAR 
API Timeout Setting (in milliseconds) - This property defines the API request timeout period in milliseconds.(1 
App Scheduled Jobs minute=60000 milliseconds). 
Transform Maps [480000 y] 
Y Reports 
Qualys Asset Tags by Source Max Transaction Lifetime (in minutes) - Stop transaction after these many minutes. 
Asset Tags Distribution [10 v| 
OS Distribution 


Log additional information ? 


y Yes | No 


You may define application specific properties on this page. The properties are self-explanatory. 


1) Select the Qualys Import API call truncation limit . This property defines how many host 
assets to include in a single Qualys API response. 


For hostasset APIs, default truncation limit is 100 - 1.e. if you do not provide that in preferences, 
1t will return 100 records. However, you can provide any value between 1-100. If you provide 
truncation limit which is greater than 100, it results in INVALID_REQUEST error. 


In our SN app, we have set the default value to 100. If SN is killing the import queue processing 
jobs, then user can lower that value so that XML processing time fits in job execution time limits. 


We have provision to up that truncation limit up to 100, in case customer knows their assets do 
not have much data (ultimately resulting in smaller XML size) and if they want to keep number 
of API calls made as low as possible. 


For example, you can set higher truncation limit if you aren't pulling any hardware/software 
information. In such a case, each host asset record will not have huge information associated. 
One should use that only if they KNOW that information in each record will be smaller. 


) Size of Import batch is now restricted to 1 
) Select Size of Export batch 

) Allow Asset Group Sync 

) API Timeout Setting (in milliseconds) 

) Max Transaction Lifetime (in minutes): 

) 
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Sync 


Import Queue 


This shows the list of jobs run from Qualys TO ServiceNow Assets. The status indicates whether 
application was able to parse the XML response successfully. The XML that was transferred is 
also available here (usually attached as response.xml): 


NOW «vee naraeement 0, wmo = AOS 
F import O) | = import queves a Goto Processing Notes v a 1 to200t81 > >> 
> 
a * G jrs 
© OQ Processing Notes E Processing San E Processor GUID = queued on E schedule = source =suus 
Qualys MDB Sync App 
O mow 2017-1220225600 T0eb38674f8b03004788303181 10c71f 2017-12202238:10 Allassets from US POD Uspod success 
Vse 
E = = a —= = — 
Import Queue 
O tm (empty 2017-1220225248 All assets from US POD Uspod Queved 
Reports 4 
E E AlLassets fomus POD 
© lemas (empty) 7oeb39674f8b0300478830318110c71I 2017-12-20224039 Uspod Queved 
in jemory 2017122023724 8¢997ca34f8b0300878830318110¢7C2 2017-12-202231:43 All assets from US POD Uspod success 
Load Data O sm (empty) 70eb3967418b0300478830318110CT1f 2017-12-20 2241:05 AlLassets from US POD Uspod Queved 
Create Transtorm Map O tem (empty) 2017-12-202246:15 Allassets from US POD Us pod Queved 
Run Transform © lema 2017-12-2023:00:59 70eb38674f860300478830318110cT1f 2017-12-202240:01 Allassets from US POD Us pod Processing 
V Administration r 
© temen (empty) 2017-12-20 2245:50 All assets from US POD Us pod Queved 
Data Sources 
© lema (empty) 2017-12-20224648 Allassets from US POD Uspod Queved 
Transform Maps Hapus 
lempi (empty) 2017-12.2072253:14 All sets from US POD uspod Queved 
Scheduled imports 
D temo (empty! 2017-12-20 2252:09 Allassets from US POD Us pod Queved 
V Advanced 
) femoty 2017.122022:38:18 99 7ca34fb0200478830318110¢7C2 2017-12-202232:01 Ml assets from us POD uspod success 
Import Sets. 
P © km 20171220225933 T0eb38674f8b0300478830318110c71f 20171220223925 Allassets fromus POD Uspod Success 
Tiis ) lemony (empty) 2017-12.2072247:30 AL assets from US POD Uspod Queved 
Transform Errors © km (empty) 2017122025152 Allassets from US POD Uspod Queved 


Approve Qualys Assets 


Assets imported from Qualys to Service Now will be here for approval after successful processing 
in Import Queue. If processing fails for any record in import queue (status = Error), none of the 
host assets in that XML will be visible here. You will need to approve each individually or a 
screen at a time. It will overwrite data in your CMDB if you approve the asset. 


now Service Management JD JohnDoe x QC ®© & 


E TEE a 
G ) Ñ 
* © Y All> Qualys Host ID is not empty> Computer Sys Id is empty> Status is not empty 
Je a = IP Address = Source ld = DNS Hostname = QWEB Host Id = Qualys Host ID = Tags 
Qualys CMDB Sync App 
O 57.67.163.4 USPOD1 4839636 55582 Add tag. 
v Configuration 
© 57.67.177.245 USPODI 4839637 55583 Add tag. 
API Sources 
a © 57.67.163.22 USPOD1 4839638 55584 Add tag. 
Schedul 
=, © 57.67.163.19 USPODI 4839639 55587 Add tag. 
Y Sync O 57.67.163.21 USPODI draco.zeroprivate.net 4839640 55588 Add tag... 
Import Queue O 57.67.163.26 USPOD1 draco.zeroprivate.net 4840231 55589 Add tag... 
Approve Qualys Assets @ 576716327 USPOD1 draco.zeroprivate.net 4840232 55590 Add tag. 
ELO (O 516116328 USPODI draco.zeroprivate.net 4840233 55591 Add tag 
' Advanced 7 
O 57.67.163.29 USPOD1 draco.zeroprivate.net 4840234 55592 Add tag. 
App Scheduled Jobs 
© 57.67.163.30 USPODI draco.zeroprivate.net 4840235 55593 Add tag... 
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If fields gathered aren’t showing in your list, do the following: 
1) Referring the same screen shot, click on the gear icon that’s to the upper left of main pane. 


2) In the pop up that opens, you see two lists - Available and Selected. 


Personalize List Columns x 
Available Selected 

Created Address 

Created by Hostname 

Gateway Address Qualys Asset 

Interface Name Type 

MAC Address 

Tags 

Updated 

Updated by 

Updates > MA 

< Vv 
v Wrap column text Compact rows Active row highlighting 


/ Modern cell coloring 


vy Enable list edit ./ Double click to edit 


3) Find and double-click “MAC Address” from the Available list. It will end up in Selected list. 
4) Click OK. 

Now your view refreshes, and you should start seeing the MAC address column. 

We set values when that tag is present in XML. So, 1f for some interfaces MAC address is not 


available (XML does not contain it OR it’s empty), the value in SN table column would be empty. 
It's the same reason why you don't see Hostname for all the network interfaces in the sample. 
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Export Queue 


This is the list of assets to be synced from ServiceNow to Qualys Cloud Platform. If an IP 
Address exists in Qualys Cloud Platform we do not overwrite, we skip it and move on. Once the 
app successfully syncs the asset (successfully adds the IP address to user subscription), 
corresponding record from this list is removed. In case of any error, the record is retained with 
Error state, and “processing notes” column reflects some information about error. 


TOW? service Management 1, Johndoe > Q TOS 
F syn ®)| = tsponqueves EY Goto Message y 44 4 1 togofs > >> 
> 
* © eas 
JÖ Q SMessage = Schedule Sys 1d = Source Sys id = status = sync Tags = Table Name = Table Sys id 
‘Qualys CMDB Sync App 
© bmv Pushto Qualys Us pod Queued cmdb_cl_computer 122dc8204/f2C300478830318110c73e 
Y Configuration 

O oom Pushto Qualys Us pod Queued cmdb_cl_computer 40cfidce34f4b0300478830318110c73a 

API Sources 
O emy Push to Qualys Us pod Queued cmdb_cl_computer 122dc8204112c300478830318110c73e 

Schedules ox 

== @ ‘emo Push to Qual Us pod Queued cmdb_ci_computer Se470Bectft2c300478830318110c7Sd 

Y syne O em Push to Qualys Us pod Queued cmdb_cl_computer 2930146f4(4b0300478830318110c7c9 

Import Queue © temo Pushto Qualys Uspod Processing cmdb_ci_computer Elfa94COANNZC3OOATISZO3IBLLOCTAO 

Approve Qualys Assets: O tem y Push to Qualys Js pod Processing cmdb_cl_computer 1a2dc8204ff2c300478830318110c73e 

Esport Quese (O Eroruhile adding IP 10.00.10. API ret. Pushto Qualys Us pod Error cmdb_ci_computer 1a2dc8204112c300478830318110c73e 
TE 

V Advanced 

‘Actions on selected rows Y 44 4 1 tosots > >> 

App Scheduled Jobs 

Transform Maps 


App Scheduled Jobs 


All of the Apps schedules jobs are listed under Advanced > App Scheduled Jobs. An important 
one to be aware of is the “Qualys Asset Tags fetching job” which runs daily by default. This syncs 
all of the Asset Tags in Qualys Cloud Platform for use within the App. You may wish to run this 
more than once a day 1f you generate tags in Qualys Cloud Platform on a more regular basis. 


TOW? service Management ©) soimooe ~ arog 


(F qualys @) | = Scheduled Jobs [GUN Goto Name v 4a 1 ¡toro > >> 
S _ All> Application = Qualys CMDB Sync App> Class = Scheduled Script Execution 
El * © it 
| @ Q  ZMamea Name Active Active =Class Condition Æ Updated =Œ Conditional =Runas  =Runastz =Day =Day = Repeatinterval = Starting 
h ? 
bkas QualysAsset Qualys Asset —— 2017-08-17 Prabhas 2016-01-20 
chedules ©  ZagsFetching Tags Fetching true true Script D false Ge 1 Monday piya 
Job Job Execution ds Sapte i 
Properties 
at cae oe 2017-08-31 Prabhas 
Y Sync Queue true true Script false = 1 Monday 10 Minutes (empty) 
Processing 21:56:59 Gupte 
Processing Job o Execution 
Import Queue 
Qualys Fetch Qualys Fetch Scheduled 5 
Approve Qualys Assets @ AssetGroups — AssetGroups true true Script Maa C Nitin Babar i Monday 21 Hours RT 
Schedule Schedule Execution a ae 
Export Queue Qualys Host Scheduled 
© = a a IDUpdater true true Script Ar false Nitin Babar 1 Monday 1Hour a 
¥ Advanced Wndater top yop, Execution ee cs: 
Qualys 
App Scheduled Job Qualys impor jk 
iaaa Gin POS import Queue true true ary si aa false Nitin Babar 1 Monday SSeconds a 
© Processing p! 21:22:48 Min Babar y 00:00:01 
Transform Maps Processingob |), Execution 
¥ Reports Qualys import Qualys Scheduled 
Queue Import Queue 2018-01-23 Vikas 2018-01-01 
tru tru Script fal 1 Monday Second: 
Qualys Asset Tags by Source © processing Job Processing Ë eae 212051 a Sakhare onis an 00:00:02 
E 2 Job #2 
Asset Tags Distribution Qualys import Qualys ee 
Queue Import Queue 2018-01-23 Mikas 2018-01-01 
t Script fal: Monday 5 Second: 
OS Distribution ®  processingJob Processing "° me rip! 21:24:07 ese Sakhare $ an ASA 00:00:03 
os Execution 
Assets awaiting approval ae wre 
Queue Import Queue 2018-01-23 Vikas 2018-01-01 
© © Processing Job Processing "UF ue Pea 21:24:49 Ea Sakhare - O SEATS 00:00:04 
sa Job #4 A 
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Transform Maps 


A transform map is a set of field maps that determine the relationships between fields in an 
import set and fields in an existing ServiceNow table, such as Incidents [incident] or Users 
[sys_user]. After creating a transform map, you can reuse it to map data from another import set 
to the same ServiceNow table. The Transform Maps module enables an administrator to define 
destinations for imported data on any ServiceNow table. Transform mapping can be as simple as 
a drag and drop operation to specify linking between source fields on an import set table and 
destination fields on any ServiceNow table. Use transform mapping to map source and 
destination fields dynamically. The Transform Maps that the Qualys CMDB Sync App uses are 
now all listed in a handy location here. 


Learn more on Transform Maps: 


http://wiki.servicenow.com/index.php?title=Creating New_Transform_Mapsttesc.tab=0 


TOW? serice Management Jo JohnDoe~ Qo @) & 
( 7 y || = Table Transform Maps | New | Goto Order v [ben | 4a 1 to6of6 > »» 
S All>Application = Qualys CM 
$ O i pplication = Qualys CMDB Sync App 
A ee Q = Name = Active = Copy empty fields = Enforce mandatory fields = Order a = Run business rules = Run script = Script 
Qualys CMDB Sync App z 
Qualys Open : For 
Aeran o »= true false No 100 false false variables go 
Transform to: 
API Sources — http://wiki.... 
Schedules Qualys ; Far 
DI == true true No 100 true false variables go 
Properties Transform eg 8 
— http://wiki.... 
Y Sync 
Qualys yo 
Import Queue Network * For 
@ Interfaces true false No 100 false false variables go 
Transform to: 
Approve Qualys Assets 
gak: Map http://wiki.... 
Export Queue 3 
2 Qualys ma 
Y Advanced © Software true false No 100 false false variables go 
Transform a 
App Scheduled Jobs http://wiki.... 
l p 
Transform Maps — * For 
O A false No 100 false false variables go 
5 ae Transform do 
me http://wiki... 
Qualys Asset Tags by Source rr 
Qualys * For 
Asset Tags Distribution O aa true false No 100 false false variables go 
Transform le 
OS Distribution Sá Map http://wiki.... 
O) , 


We give you a few canned reports as an example of the kind of data visualization you can do 
with ServiceNow and the Qualys App for ServiceNow data. 
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Qualys Assets Tags by Source 


TOW service management 


Y Reports 


Qualys Asset Tags by Source 


Asset Tags Distribution 


OS Distribution 


Assets awaiting approval 


Y Support 


README 


€ Edit report 


Q This record is in the Qualys CMDB Sync App application, but Global is the current application. To edit this record click here. 


Data > Type > Configure > Style 
Row 

Asset tag v 
Column 

Name $ 
Aggregation 


Count v 


Max number of groups 


Show all v 


Y | Show Other 


Assets Tag Distribution 


NOW” serene 


) 


EE -+ 


Qualys CMDB Sync App 
Y Configuration 
API Sources 
‘Schedules 


Properties 


© 


< Editreport 


@ This record is in the Qualys CMDB Sync App application, but Global is the current application. To edit this record click here. 
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Debugging and Troubleshooting 


How to debug 
1) Application writes log entries at appropriate places, and after each important step. 


2) Also, whenever application finishes important activity, it logs “ <activity> Completed” entries. 


3) In case of problems, search the Application Logs module to find all the entries related to this 
application. See what all messages are logged by application, related to problem area. 


4) If application's log entries are not sufficient enough, and if you have access to script includes, 
you may add your own log statements. 


Observed Issues, how to troubleshoot them and work-arounds 


1) In case of huge data returned by Qualys API, the Import Queue Processor may timeout and 

terminate. In such a case, go to Properties page and lower the Import API call truncation limit. 
Additionally, the user will also need to go to the corresponding schedule, and empty the “Last 
run timestamp” field. 


2) Issue with ServiceNow GlideSysAttachment.getContent(): 


- If attachment size is more than 5mb, the getContent() method returns an empty string (*”), 
even though attachment in Import Queue record shows correct and complete XML. 


- In such a case, application puts that import queue entry in “Error” state, and updates the 
“processing notes” column with “Cannot process the attachment. File size maybe too large.” 


- If you encounter such a situation, you are advised to lower the 
“x_qual5_cmdb_sync.import_truncation_limit” property value to such a number, where response 
size will be under 5mb. 


Anticipated Issues 


1) No connection to API server. Such a case should get handled in Qualys Assets Sync script 
include, leading to graceful exit with proper log entries. 


2) Import Queue Processor timeout during processing a particular response. This may leave the 
corresponding Import Queue entry in “Processing” state for quite a long time. In such a case, user 
should manually change the status back to 


- “Queued”, if he wants to process that response again. If you reprocess any response, it will not 
lead to duplicate data, as application checks whether the record already exists in staging tables 
before inserting. 


- "Error”, if he does not want to process it again. 


List of expected failure modes 


- Qualys API server down 

- Qualys subscription expired 

- User credentials used are incorrect 

- User credentials are correct, but they do not have API access 
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Common Questions 


Qualys to ServiceNow Sync 


Do you currently or do you plan to support the IndentifyAndReconcile API for CMDB CRUD 
actions? 


https://docs.servicenow.com/product/configuration_management/concept/c_CMDBldentifyandR 
econcile.html The goal of this API is to maintain the integrity of the database, and to correctly 
identify Cis so that new records are created only if Cl is truly new to CMDB. The current version 
does not support this API. And, as of now, there is no plan to use it. However, we use transform 
maps and coalesce feature to update the matching record, if found. (matched on IP address only) 
If no matching record is found, only then will it create a new one. 


Is the comparison delta derived from just a few tables or the base CMDB_CI table? 


The records are primarily compared and updated/created on cmdb_ci_computer table. However, 
if the user wants to use any other table, they can easily update the transform map to work with 
the table of their choice. 


Do you re-class the Cl record if your IP endpoint device changes? Do you have a list of 
classes you have mapped for Cl record creation? 


We do not alter the class of CI record. 


When you create/update a Cl record do you record a datetime and identifier somewhere 
other than the description field for proper sorting/filtering? 


Whenever the record in cmdb_ci_computer table is updated/newly created, we set 
“discovery_source” column to “Qualys”. If you search with “Discovery source contains Qualys”, 
you should get all these records. 


What fields in SN do ports, software and hardware write to if checked? 


Since there are no out-of-box tables in ServiceNow serving our purpose to store this information, 
we have added new tables in the application scope. Except network adapters and volumes, rest 
of the information (open ports, installed software, processors) go into these tables in app scope. 
Network adapters information goes into cmdb_ci_network_adapter table and volumes 
information goes into cmdb_ci_file_systerm table. 


ServiceNow to Qualys Sync 


Is it possible to sync back more than one table? 
Yes, you need to create one schedule per table. 
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